mirror of
https://github.com/Stichting-MINIX-Research-Foundation/netbsd.git
synced 2025-09-10 15:46:33 -04:00
95 lines
3.8 KiB
Plaintext
95 lines
3.8 KiB
Plaintext
The following is an example of the statsnoop tool.
|
|
|
|
|
|
statsnoop is a companion to opensnoop, which traces a variety of stat()
|
|
calls rather than open() calls.
|
|
|
|
Here I run statsnoop on my idle laptop for about 3 seconds,
|
|
|
|
# statsnoop
|
|
UID PID COMM FD PATH
|
|
0 1485 dtrace 0 /devices/pseudo/pts@0:6
|
|
100 791 dtwm -1 /usr/mail/brendan
|
|
100 791 dtwm -1 /usr/mail/brendan
|
|
100 791 dtwm -1 /usr/mail/brendan
|
|
100 791 dtwm -1 /usr/mail/brendan
|
|
100 795 sdtperfmeter 0 /devices/pseudo/mm@0:null
|
|
0 803 rpc.rstatd 0 /devices/pseudo/udp@0:udp
|
|
0 803 rpc.rstatd 0 /devices/pseudo/udp@0:udp
|
|
100 795 sdtperfmeter 0 /devices/pseudo/mm@0:null
|
|
100 791 dtwm 0 /export/home/brendan/.dt/Trash/.trashinfo
|
|
100 791 dtwm 0 /export/home/brendan/.dt/Trash/.trashinfo
|
|
100 791 dtwm 0 /devices/pseudo/mm@0:null
|
|
100 783 ttsession 0 /devices/pseudo/pts@0:3
|
|
100 783 ttsession 0 /devices/pseudo/pts@0:3
|
|
100 783 ttsession 0 /devices/pseudo/pts@0:3
|
|
100 791 dtwm 0 /devices/pseudo/mm@0:null
|
|
100 783 ttsession 0 /devices/pseudo/pts@0:3
|
|
100 783 ttsession 0 /devices/pseudo/pts@0:3
|
|
100 791 dtwm 0 /devices/pseudo/mm@0:null
|
|
100 791 dtwm 0 /devices/pseudo/mm@0:null
|
|
100 792 dtfile 0 /devices/pseudo/mm@0:null
|
|
100 783 ttsession 0 /devices/pseudo/pts@0:3
|
|
^C
|
|
|
|
It is interesting what turns up. In the above output, a "dtwm" process
|
|
with process ID 791 called stat on /usr/mail/brendan and received -1 as
|
|
a return value - as this file does not exist. (when were mailboxes ever
|
|
stored in /usr/mail??).
|
|
|
|
|
|
statsnoop has a variety of options, as opensnoop does. Here I trace stat()s
|
|
from processes called "bash", while a new bash shell is executed,
|
|
|
|
# statsnoop -n bash
|
|
UID PID COMM FD PATH
|
|
100 1493 bash 0 /usr/bin/bash
|
|
100 1493 bash 0 /devices/pseudo/pts@0:8
|
|
100 1493 bash 0 /lib/libcurses.so.1
|
|
100 1493 bash 0 /lib/libsocket.so.1
|
|
100 1493 bash 0 /lib/libnsl.so.1
|
|
100 1493 bash 0 /lib/libdl.so.1
|
|
100 1493 bash 0 /lib/libc.so.1
|
|
100 1493 bash 0 /devices/pseudo/pts@0:8
|
|
100 1493 bash 0 /devices/pseudo/pts@0:8
|
|
100 1493 bash 0 /export/home/brendan
|
|
100 1493 bash 0 .
|
|
100 1493 bash 0 /export/home/brendan/.bashrc
|
|
100 1493 bash -1 /usr/mail/brendan
|
|
100 1493 bash 0 /export/home/brendan/.bash_history
|
|
100 1493 bash 0 /export/home/brendan/.bash_history
|
|
100 1493 bash 0 /export/home/brendan/.bash_history
|
|
100 1493 bash -1 /export/home/brendan/.inputrc
|
|
100 1493 bash 0 .
|
|
^C
|
|
|
|
bash also checked /usr/mail/brendan? hmm...
|
|
|
|
$ echo $MAIL
|
|
/usr/mail/brendan
|
|
|
|
hmmmmm...
|
|
|
|
$ cat .profile
|
|
# This is the default standard profile provided to a user.
|
|
# They are expected to edit it to meet their own needs.
|
|
|
|
MAIL=/usr/mail/${LOGNAME:?}
|
|
|
|
huh?
|
|
|
|
$ cat /etc/skel/.profile
|
|
# This is the default standard profile provided to a user.
|
|
# They are expected to edit it to meet their own needs.
|
|
|
|
MAIL=/usr/mail/${LOGNAME:?}
|
|
|
|
$ cat /var/sadm/pkg/SUNWcsr/save/pspool/SUNWcsr/reloc/etc/skel/.profile
|
|
# This is the default standard profile provided to a user.
|
|
# They are expected to edit it to meet their own needs.
|
|
|
|
MAIL=/usr/mail/${LOGNAME:?}
|
|
|
|
oh.
|
|
|